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ABSTRACT 

This paper describes the ongoing work in fault tolerance at the University of Texas at 
Austin. The paper describes the technical goals the group is striving to achieve and 
includes a brief description of the individual projects focusing on fault tolerance. The 
ultimate goal is to develop and test technology applicable to all future missions of NASA 
(lunar base, Mars exploration, planetary surveillance, space station, etc.). 

INTRODUCTION 

The University of Texas at Austin, in concert with the Robotics Division at JSC and 
funding support by the telerobotics program at NASA headquarters, has undertaken a 
long term effort to establish advanced component and system technology for space 
robotics with emphasis on fault tolerance [Butler et al.][Tesar '89][Tesar et al.]. The goal 
is to develop and test technology applicable to all future missions of NASA (lunar base, 
Mars exploration, planetary surveillance, space station, etc.). This technology would be 
in balance with the astronaut sharing tasks based on performance, cost, and availability 
issues. In order to reduce costs, the system would be made up of a finite number of 
modules (both hardware and software) proven by extensive testing in space. This set 
of modules would be constantly under technical development so that "tech mods" would 
be feasible at any time. Also, the repair and logistics functions (warehousing of spares 
in space) would be based on these modules to further reduce costs. This architecture 
would allow the specification of a robot configuration "on demand" reducing the threat of 
obsolescence and freeing the mission planner to aggressively use advanced (yet 
proven) technology. 

The following is an overview of the structure of the program at The University of Texas 
at Austin. 

1 . Actuator Technology — Present actuator technology is largely unchanged 
since 1965 except for the utilization of rare earth motors and improved electronic 
controllers. The goal is to aggressively develop component technology which can 
be integrated in a carefully designed class of actuator modules made up of dual 
motors, brakes, gear drives, clutches, sensors, electronic controllers, etc., which 
would provide fault tolerance for dramatically improved performance and reliability 
of space mechanisms including robotics. 
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2. Modular Architecture — A true modular architecture (in the same form as has 
proven useful for computer systems) can not only reduce life cycle costs (repair, 
tech mods, logistics spares planning, etc.) but can dramatically increase 
performance while unfettering the designer to more freely and quickly develop 
actual operating systems to satisfy future space missions. It is proposed to 
assemble and reconfigure a broad population of systems from a very small 
collection of proven and optimized modules produced at lower costs. 

3. Task Planning The complex motion of a body in space to trace out precision 
trajectories requires the sophisticated theory of algebraic curves to smoothly 
coordinate all 6 DOF of the end-effectors. The need for dependable task planning 
derives from a spectrum of demanding physical tasks such as debris damage 
inspection, precision wiring disassembly and assembly, force fit assembly, dual arm 
operations, etc. while avoiding obstacles. The goal would be to make task planning 
more automated requiring primarily supervisory involvement by the astronaut - 
reducing their time burden and potential fatigue. 

4. Dual Arm Operations — Due to the lack of frictional stability generated by 
gravity forces, all parts must be under control at all times to prevent "dropping". 

This means that either special fixtures (the bane of data base control in 
manufacturing) must be employed or dual arms must perform the relative motion 
tasks (force fit assembly, control of ungainly objects that may be easily damaged, 
removal of insulation wrappings, bending to fit, etc.) that are sure to occur on long 
duration missions. No real time operation of a dual arm system capable of these 
tasks exists today. For two manipulators of 7 DOF each, this requires a level of 
control (precision force and position of 14 inputs to control 6 relative outputs) far 
beyond any standard approaches (PID, fuzzy logic, sliding mode control, adaptive 
control, etc.). 

5. Task Performance — Long duration space missions suggest an enormous 
range of physical tasks of great complexity (handling of large modules, precision 
welding and forming, unstructured tasks associated with joining and fastening, 
precision machining, etc.). This complexity can be met only by a criteria based 
decision control structure based on accurate system parameters (using careful 
metrology) and hundreds of performance criteria. A prioritized selection of these 
criteria will be used to create performance indexes to compare the model based 
performance with the actual performance derived from a very broad collection of 
sensor signals. Differences between actual and modeled performance will be the 
basis for adjusting the control inputs to the system. 

6. Condition Based Maintenance — Having established a model reference 
control structure comparing actual with predicted performance, it becomes feasible 
to monitor the system over time to determine when basic maintenance 
(replacement of actuator components, sensors, controllers, etc.) should be 
performed and to provide an archival record of that performance. This should 
improve the system's reliability, reduce the cost of operation, prevent unexpected 
failures, and provide lesson's learned for the operator and the designer of future 
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components as well as to the mission planner for module selection to make up 
systems for other tasks. 

7 Fault Tolerance — Fault tolerance is virtually non-existent in present robotics 
development for space. A full architecture for fault tolerance involves four levels 
(alternate physical pathways) of mechanical structure to avoid faults. The UT 
program strongly recommends a 10 DOF manipulator system (level III) made up of 
dual actuators (level I).. This level of choice (20 actuator inputs to control 6 outputs) 
can only be achieved by a criteria based decision making structure based on 
performance indexes composed of hundreds of physical criteria (which demands an 
extremely high computational capacity). Such superior system controller 
technology (several gigaflops) is emerging as a commodity (at reasonable cost) in 
the near term. Hence, fault tolerance is not only feasible but it can only be achieved 
through a comparative analysis between an accurate and complete analytical model 
reference and a sensor based actual model of the system. This makes Fault 
Detection and Isolation (FDI) possible. No other method of control does. 

8. Man-Machine Interface — Because of the extraordinary value associated with 
the time of the astronaut, the interface between man and machine is being 
recognized as a key resource to maximize overall performance and to train (skill) 
the system's operator. Very complex operations (dual arms, disturbance rejection, 
unstructured tasks, precision assembly at small scales, multiple slaves, obstacle 
avoidance, etc.) require an exceptional level of dexterity and task performance. 

This is best achieved by setting operational priorities (selection of criteria, 
performance indexes, threshold levels for fault identification, etc.) by human 
intervention. Specially designed actuators, human augmentation software, fault 
tolerance, etc., must be built into future manual controllers to maximize the task 
performance of an increasingly complex slave manipulator technology. 

9. Ground Based Control — As space missions develop (by analog, with the 
aircraft pilot), the astronaut will be less available to perform mundane, repetitive, 
and low valued tasks. In order to reduce costs, the demand on the astronaut’s time, 
and to reduce risks, the robot will either have to be operated remotely from a 
protected module or it will have to be operated from a stand-off position (say the 
moon or from a control center on earth). This set of conditions leads to the 
inevitable conclusion that an enhanced man-machine interface to remotely control 
an array of deployed slave manipulators (robots) in space is essential. 

10. Augment RRC Technology — The Robotics Research Corporation has 
produced a sophisticated modular manipulator of high smoothness and resolution 
which is widely used in NASA laboratories as a demonstrator. The AARMS facility 
at JSC is made up of two 7 DOF RRC arms on two separate precision 2 DOF 
pedestals to make up a valuable demonstrator of the technology for space station 
operations. A 17 DOF system (two 7 DOF arms and a 3 DOF torso by RRC) has 
been made available by Grumman Corporation to The University of Texas at Austin. 
Both of these systems will be used to integrate and evaluate much of the 
technology described in this paper. The goal is to test the most advanced control 
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software for performance, condition based maintenance, and fault tolerance in real 
time (say 10 milli-sec.) and to do so with improved operator intervention. 

Overall, the program at The University of Texas is concentrating on two levels: the 
actuator as the driver of the system (equivalent to the computer chip as the driver of 
computers) and at the system performance level (equivalent to the operating system in 
personal computers). The objective is to make these two technologies standards for the 
field of intelligent machines and robotics. This universality is what has created the value 
in personal computers: increased performance at lower costs. In addition, the program 
is laying the foundation of a revolutionary approach to control the complex, coupled, and 
highly nonlinear structures involved, to show the continuum from task performance, 
condition based maintenance, to fault tolerance all of which depend on a 
computationally based model reference compared to a sensor identified model. This 
continuum now becomes unified because of the availability as a commodity of a low 
cost system controller of several gigaflops. 

The central part of this paper will outline on-going development activity at The 
University of Texas at Austin to meet these 10 technical objectives. The final section of 
the paper will provide a projection of further development where not only will space 
requirements be addressed, but also aggressive implementation for industrial 
technology (manufacturing) will benefit from this investment by NASA. 

ARCHITECTURES 

The level of performance and versatility expected from space robots makes it imperative 
that particular emphasis be placed on the question of architecture across multiple 
domains. While such design issues have to be addressed for each of those domains 
(mechanical, electronic, and software), certain essential principles may be allowed to 
pervade the system’s architectural considerations. These principles are 1) modularity 
and 2) redundancy. 

Traditionally, mechanical systems have had monolithic architectures that do not permit 
easy repair and replacement, nor the fluent incorporation of advances in component 
technologies. Ease of repair and replacement are directly linked to the availability of the 
system and is, therefore, a matter of immediate concern to space systems. The 
deficiencies of such a philosophy, or lack of one, are best offset by aiming for an 
architecture that is highly structured and modular. A true modular architecture helps 
reduce life cycle costs and frees the designer to quickly prototype and develop actual 
operational systems for future space missions. The UT program has been concerned 
with the development of modular structures for space robotics, across the domains of 
mechanisms, electronics and software. 

Redundancy is demanded by twin operational considerations for space operations: safe 
and enhanced performance provided by redundant systems-to be explained in a later 
section— and the ability to tolerate faults. Fault tolerance in a robotics context may be 
defined * as the capability of the system to sustain a failure and still continue operation 


* due to C. Price [Tesar et al.] 
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without significant impact on the manipulator payload or its immediate environment. 
Graceful degradation is often inadequate as a requirement and uncontrolled motion 
must at all costs be minimized. Fault tolerance is assured by the incorporation of 
protective redundancies and their organization into an effective and responsive 
architecture. While the causes of unreliability do not disappear, their effects are 
counteracted by the capability of the system to be intelligent, and to mask the failure or 
reconfigure itself in the event of component failure. It must be emphasized that these 
redundancies are active redundancies that are operational at all times and which 
enhance the performance of the robot through the optimization of secondary criteria. We 
now consider general modular manipulator architectures for fault tolerance. 

The Four-level Architecture 

The conceptual outline of a total architecture based on modularity principles has been 
presented in [Butler et al.]. While the issue of architecture depends ultimately on the 
context and specific tasks envisaged of the robot, it is possible to devise a broad 
architectural scheme that is based on the requirement [Chladek] that the system be two- 
fault tolerant. The resulting architecture, in its most general form, is capable of providing 
a masking redundancy at the first level and a dynamic or reconfiguring redundancy to 
tolerate the second fault. The organization of these redundancies may be conceived in 
four levels and they constitute a subsumptive architecture [Sreevijayan]. The four levels 

are: 


1) extra actuators per joint (e.g., prime mover duality) 

2) extra joints per DOF (redundantly actuated parallel 
structures, e.g., 4-legged spherical shoulder) 

3) extra DOF per arm (redundant manipulators) 

4) extra arms per manipulator system (e.g., dual arm 
robots, four-fingered hands, etc.) 

We now discuss specific prototypes being developed at the University of Texas at 
Austin that will provide component technologies for realizing modular and redundant 
space manipulators. 

2-DQF Redundant Knuckle Mechanism 

The knuckle, shown in Figure 1 ., can operate either as a force feedback joystick or as a 
2 Degree-Of-Freedom (DOF) manipulator. The knuckle demonstrates modularity and 
Level I fault tolerance at the servo level. It uses two independent servo systems per 
single DOF to obtain Level I mechanical redundancy. Modularity is demonstrated in the 
servo control hierarchy (see description of DISCs). The system is designed to handle a 
minimum of 1 fault before failing. The system controller acts as a supervisor in 
analyzing the sensory feedback with a Fault A servo system can either remove itself 
from the system or be removed from the control hierarchy by its parallel controller. 

Each servo system consists of a clutch, a brushless resolver, a brake, a Hall-effect 
sensor and a three-phase Brushless DC motor The system controller consists of a 486 
PC operating under the Lynx O/S® real-time operating system. The system controller 
communicates to the servo controllers via a HDLC medium at a rate of 1 MBit/s. HDLC 
is a communications protocol based on IEEE RS-532 standard. 
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Modular Brakes for the Fault-Tolerant Actuator 

A new brake was developed for use in the next generation of robot actuator technology. 
The caliper disk brake has an annular geometry that capitalizes on the structural 
integrity of the robot actuator shell. One to four independent brake calipers can be 
positioned around the rim of the disk to give a redundant capability. The torque path 
goes directly from the calipers to the actuator shell to produce a truly, lightweight, 
integrated design. An ultra-low power consumption is achieved since only a very small 
current is required to hold the brake pads in the released position. The brake design is 
very compact, lightweight and has a high torque/weight ratio. Performance parameters 
were determined from prototype testing and compared to a set of average performance 
parameters derived from a database of commercially available high performance brake 
modules. The new brake design has achieved a number of improvements when 
compared to standard practice. 
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Criteria 

Benefit 

Torque/weight Ratio 

3X Better 

Compactness 

2X Better 

Response Time 

2X Faster 

Operating Power Consumption 

700X Better 


Table 1 . Benefits Of The Improved Modular Robot Brake 


The Digital Intelligent Servo Controller (DISCI 


The Robotics Research Group has developed a Digital Intelligent Servo Controller 
(DISC), shown in Figure 2., that expands the actuator controller technology. The DISC 
is a very compact brushless DC servo controller that offers numerous features not 
contained in any single commercial system available today. Some of the features 
include: multiple sensor interfacing, compact ‘smart’ power electronics, fault tolerance, 
and high speed digital communications designed in a modular package. 
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Object-Oriented Software Architectures 


The Robotics Research Group at U.T. is in the final phase of designing and developing 
a unique object-oriented software for advanced robots. This software provides 
abstractions for various robotic concepts like kinematics, dynamics, decision making, 
and fault-tolerance. The abstractions are implemented as a part of an inheritance 
hierarchy. This software is developed in a modular and extensible fashion, with the user 
having the capability of connecting various modules as desired. This promotes rapid- 
prototyping. Also, the framework provides for reuse and extensibility. For example, if a 
generalized inverse kinematics module would not satisfy user needs, the user could 
easily substitute that module with a custom inverse kinematics module. Such a change 
does not affect the structure of the rest of the software. This software provides an ideal 
environment for robotics research and allows for interaction at all levels of abstraction. 
Moreover, the rapid-prototyping capability of the software allows for easy 
experimentation. In addition, due to the general nature of this software, it is applicable 
to a wide variety of robotic structures. 

DECISION-MAKING AND CONTROL 

A redundant robot is an extremely complex system with essentially limitless options for 
performing most tasks. The extra resources demand active utilization during normal 
operation. This refers to the redundancy management mode of operation where the 
control inputs are selected based on the optimization of selected performance criteria. 
Our position is that no single criteria is sufficient for decision-making and control, but 
rather that a suite of weighted and ranked criteria must form the basis for any intelligent 
decision making process. Towards this goal we have conceptualized over 100 different 
performance criteria and mathematically formulated 30 of these. The section on criteria 
development describes some of them. 

After formulating and prioritizing the performance criteria for a given system, there still 
remains the problem of incorporating them into a decision making system that will 
maximize performance while simultaneously satisfying operational constraints. Fault- 
tolerance places additional demands on the decision maker because the robot may 
suddenly lose one or more resources, thus requiring a change in control emphasis from 
one of redundancy management to that of failure management. The failure 
management further breaks into chronological stages. First is fault detection and 
isolation (FDI). The fault detection routines must continuously monitor the system and 
upon detection of a fault, must isolate and identify the source of the fault. At this point, 
the reconfigurable control system responds to the change in the robot's resources and 
automatically restructures the control algorithm so that the control inputs are 
reconfigured while at the same time maintaining task performance. Finally, condition- 
based maintenance on the robot will restore it to full-capability. 

Serial Robot with 21 Degrees of Freedom 

As an example of redundancy resolution in a fault-tolerant system, consider the inverse 
kinematics problem for the massively-redundant serial robot with 21 degrees of freedom 
shown in Figure 3. Though this is clearly a conceptual robot, it represents a system with 
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a tremendous degree of redundancy. We have developed a unique redundancy 
resolution technique based on the method of sequential filters developed by 
Eschenbach and Tesar [Eschenbach]. 



This method of redundancy resolution explicitly identifies a set a feasible options for the 
robot's motion in the next instance using a series of joint-level perturbations. Perturbing 
the joint displacements a small amount, A 6 , from their current values, 6 , generates a 

set of local configuration options, 0: 0 = 0 + eAd, where e is an arbitrary sweep vector 
with all elements equal to ±1 or 0. The vector of current displacement values, 0, is the 
base point for the perturbations. At the base point, e = 0. All other e with elements 
equal to combinations of ±1 and 0 generate points on the faces, edges, and vertices of 
an n -dimensional hypercube with n equal to the number of degrees of freedom. The 
sequential filters then evaluate and rank the options based on the performance criteria 
and operational constraints. The logical sequence first applies the least computationally 
demanding constraints, and then evaluates the remaining options based on the higher- 
level performance criteria. The application of equality constraints on the end-effector's 
placement, followed by travel, speed, and acceleration limits at the joint-level will 
typically eliminate the vast majority of the options. A fault in one of the joints simply 
removes the options associated with perturbations of the faulty joint from the feasible 
set. Using this technique, we can resolve the redundancy of this extremely complex 
system at hundreds of cycles per second on common personal computers. 

Performance Criteria 

The ability of a decision making system to control a redundant robot system depends on 
the quality of the information it is provided to make those decisions. Performance criteria 
are mathematically rigorous metrics which are derived from the kinematic and dynamic 
robot models Each performance criterion quantifies a characteristic inherent to the 
operation of the robot and thereby provides vital information concerning its current state. 
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The decision making system may make use of these criteria to determine the quality of 
various self-motion configurations and select a solution that best achieves the specified 
goals. 

Performance criteria may divided into two categories based on the information they 
require. Task dependent criteria rely on information concerning the current state of the 
robot's task; such as velocity or force specifications. Conversely, task independent 
measures are defined only from the physical parameters inherent to the robot; 
geometry, inertia, and compliance for example. While both categories provide useful 
information, the robotics program has focused on a criteria formulation free of the 
predetermination of the robot task. This task abstraction will extend the application base 
to which the criteria may be applied. Performance criteria developed at The University of 
Texas at Austin's Robotics Group consists of 29 measures, defined in these categories: 

• Geometric based on first and second order kinematic properties of the 

manipulator, 

• Inertial based on the inertial terms in the manipulator's dynamic 

equations, 

• Kinetic Energy .. based on system level kinetic energy content and individual 

link contributions 

• Compliance based on the link and joint compliances (stiffnesses) of the 

manipulator. 

A simple, yet very powerful example of a geometric criterion is derived from the 
First-Order velocity equation which is given as 

a=[o;]0, 


where, 

• u is the end-effector velocity, 

• <p is the joint velocity, and 

• [g;] is the manipulator Jacobian. 

The singularity detection criterion is derived from this mapping of joint to end-effector 
space as 

Vo *Tnin ■ 

where, cr^ is the minimum singular value of the manipulator Jacobian, and is 
determined from the singular value decomposition.. 

Level III Fault Tolerance 

Figure 4. shows a serial robot with 10 degrees of freedom and fault-tolerance at Levels 
II and III. This kinematic arrangement affords the robot complete dexterity even if any 
one of the joints failed and is locked. The manipulator has a regional structure with 6 
degrees of freedom (that is built on a regional sub-structure with 3 degrees of freedom) 
and an orientation structure with 4 degrees of freedom. The use of two-roll joints in the 
regional structure provides positional fault-tolerance and the 4 DOF orientation structure 
retains all joint axes intersecting at right angles even if any one of the wrist joints fails. 
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Figure 4. A conceptual fault-tolerant robot with 10 degrees of freedom. 


In the decision-making and control algorithm for this system, the fault-detection and 
identification sub-system identifies the faulty joint and informs the decision making sub- 
system. The decision making sub-system selects any six joints of the robot for 
application of the inverse kinematics subsystem. The inverse kinematics sub-system 
then returns the joint displacements to the decision-making sub-system or an error flag 
if the calculations were unsuccessful due to mathematical singularity or workspace 
violations. The entire decision-making and control system executes at approximately 
300 Hz. on an Indigo R4400. 

DUAL ARM OPERATIONS 


An advanced 17 degree-of-freedom dual arm robotic system, shown in Figure 5., is 
being integrated into a technology demonstration testbed in the UT Robotics Laboratory. 
The robot is capable of demonstrating Level III fault tolerance with each of its redundant 
DOF arms and Level IV fault tolerance with its dual arm configuration. 

The robot utilized in the UT testbed is a K/B-2017 Dexterous Manipulator manufactured 
by Robotic Research Corporation [Karlen et al.] It incorporates two seven-axis 
manipulators on a three-axis torso assembly providing a total of 17 DOF. Grippers 
attached to the end of the manipulators each provide an additional DOF, making the 
entire system 1 9 DOF. Each joint drive module is comprised of an electric servomotor, 
harmonic drive gear reducer, and joint position and torque transducers. 
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Control of the system will be based on a task oriented architecture. A robot task such 
as application of a large force or precise motion of the end-effectors would be identified 
by the operator for a given operation. The operator may then concentrate on task 
completion while the robot's command and control architecture manages the robot's 
redundant resources and makes compensations for any system faults. The control 
system determines the best robot motion or arm poise to meet the physical task 
requirements by optimizing one or more of a set of dual arm performance criteria. 



The UT program has identified and mathematically formulated 25 dual arm criteria. The 
criteria are addressed at three separate levels of control: Operation level, End-Effector 
level, and Manipulator level. At each level, criteria are used to characterize different 
distinct kinematic and dynamic attributes. Multiple criteria have been successfully 
demonstrated in computer simulated dual arm task [Cox]. The task include heavy 
payload lifting, fixtureless assembly on-the-fly, and work piece deformation. 
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Failure Detection and Isolation 

The subject of machine self-diagnostics and failure detection and identification (FDI) in 
dynamic systems is not new [Willsky][lsermann], but the integration of such schemes 
into a real-time failure responsive control system is yet to be realized. A key element of 
such an FDI scheme is its capability to detect incipient failure, which gives the 
reconfiguration and recovery stages ample time to respond to the failure in such a 
manner as to minimize error excursions and reconfiguration shock. 

Two basic types of FDI schemes exist: model-free and model-based methods. The latter 
methods are more suited for real-time autonomous systems as the former invariably 
tend to be off-line and require operator assistance. Model-based methods rely on the 
use of mathematical descriptions of the monitored system, called analytical 
redundancies. The methods involve the generation of a residual , whose on-line 
statistics are compared against nominal ones in a decision unit where fault detection, 
isolation and identification take place. The decision unit then generates a control 
impairment status (CIS) report, that provides quantitative and qualitative information 
about the status of the monitored system, based on which the failure responsive control 
system takes subsequent actions. 

The University of Texas has been investigating FDI techniques for robotic manipulators. 
A sensor fault detection scheme that employs parity relations among temporal 
redundancies has been derived [Sreevijayan] and implemented [Rubin] for the knuckle 
module of Figure 1 . The failure of any one sensor (position or velocity) is masked, thus 
making FDI and sensor reconfiguration transparent to the control system . The scheme, 
as designed, can be configured in a triple or n-modular redundancy (NMR) setup so that 
faulty sensors can be isolated and dynamically configured out of the system. Actuator 
FDI for the knuckle is realized using parameter identification techniques based on the 
work in [Isermann]. In this technique, failure is detected and identified depending on the 
statistical variations of the on-line estimated values of the physical parameters of the 
actuator from their fault-free ones. The changes, in orientation and magnitude, of on- 
line estimated vectors in parameter space provide the necessary diagnostic information. 


Reconfiaurable Control 

The problem of control of fault-tolerant systems, in particular those with redundant 
control inputs is of sufficient general interest across a variety of disciplines (robotics, 
flight control systems, etc.) that it warrants the investigation and development of a 
general theoretical framework. While preliminary efforts at deriving fault tolerance 
schemes that take into account the full dynamics of a manipulator have met with 
success [Menon][Ting], the absence of a formal mathematical framework restricts our 
ability to answer qualitative questions like existence and optimality of solutions to such 
problems. With this in mind, the University of Texas program has embarked on an in- 
depth study of the theoretical issues underlying the utilization (under normal and failure 
modes) of redundant control elements in general nonlinear control systems. We are 
currently pursuing an operator-theoretic approach which treats the control problem in an 
input-output framework. The problem is then to solve appropriate operator equations 
that yield infinite solutions by optimizing a prescribed functional. The functional so 
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prescribed will reflect useful criteria during normal operation and will reflect the failure 
status of control actuators when the FDI system signals a fault. The mathematical 
framework may be thought of as generalizing the familiar generalized inverse problem in 
robot kinematics to the more complex realm of operators that map, say, one Hilbert 
space into another. We expect to be able to fully and formally characterize the nature of 
redundancies in any control system, in a manner analogous to the concept and 
formulation of available redundancy in the kinematics of Level III manipulators 
[Sreevijayan], 

CONCLUSIONS 


The University of Texas at Austin's Robotics program has developed a broad technical 
base for the development of component and system level technologies for space 
robotics. This paper gave an overview of our ongoing work in several key areas that are 
geared to address the needs of NASA’s future missions. Our emphasis, driven by the 
needs of such missions, continues to be on enhanced accuracy and performance, 
condition monitoring and condition-based repair, modularity, criteria-based decision 
making and, above all, fault tolerance with reconfigurable control. To support the stated 
goals of our mission, and to fully integrate the component technologies described in this 
paper, we are also doing an in-depth study of micro-sensor technologies, sensor fusion 
and software architectures for failure-responsive control. This will allow us to realize the 
kind of machine intelligence that will animate the robots of the future. 
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